hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

1925 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
40dde93beb C++: Fix FP and accept test changes. 2023-04-13 11:00:08 +01:00
Mathias Vorreiter Pedersen
23a7cd943f C++: Fix missing result and accept test changes. 2023-04-13 10:50:46 +01:00
Mathias Vorreiter Pedersen
416f8d5ac9 C++: Fix test annotations. 2023-04-13 10:47:17 +01:00
Mathias Vorreiter Pedersen
c76dbebd9b C++: Ensure that the 'use-after-free' query is run on 'test_free.cpp'. 2023-04-13 10:47:07 +01:00
Mathias Vorreiter Pedersen
3c88590df2 C++: Accept test changes for the new use-after-query. 2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
a8151b4ee4 C++: Add double-free tests. 2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
8fef101432 C++: Fix missing result and accept test changes. 2023-04-06 10:41:08 +01:00
Mathias Vorreiter Pedersen
8014bdc993 C++: Add failing test for 'cpp/tainted-arithmetic'. 2023-04-06 10:39:49 +01:00
Mathias Vorreiter Pedersen
2ce0d2b7ee C++: Accept more test changes. 2023-03-21 10:07:23 +00:00
Mathias Vorreiter Pedersen
40cc2e7891 C++: Also exclude unevaluated buffers in 'OverflowStatic'. 2023-03-21 09:53:39 +00:00
Mathias Vorreiter Pedersen
4d2a1ea149 C++: Also add a FP test to 'OverflowStatic'. 2023-03-21 09:50:47 +00:00
Mathias Vorreiter Pedersen
8623d8eb8e C++: Exclude unevaluated expressions from BufferAccess. 2023-03-21 09:48:09 +00:00
Mathias Vorreiter Pedersen
b37bb660c5 C++: Add FP caused by a BufferAccess inside an unevalauted context. 2023-03-21 09:37:18 +00:00
Jeroen Ketema
de97ae38dc C++: C++: Use getAUse in getIRRepresentationOfIndirectOperand 2023-03-09 15:15:00 +01:00
Jeroen Ketema
a2248cb5a0 C++: Use getAUse in getIRRepresentationOfOperand 2023-03-09 09:45:54 +01:00
Mathias Vorreiter Pedersen
63690066c5 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-07 13:06:43 +00:00
Mathias Vorreiter Pedersen
b054b9c5cd Merge pull request #12408 from jketema/merge-main 
C++: use-use dataflow merge main
 2023-03-07 13:05:30 +00:00
Paolo Tranquilli
bdad847584 Merge pull request #12422 from github/redsun82/cpp-scanf-fp 
C++: add false positives to `MissingCheckScanf` test
 2023-03-07 13:29:22 +01:00
Paolo Tranquilli
429518bcea C++: add further FP to test 2023-03-07 12:03:34 +01:00
Paolo Tranquilli
311cf4e7fd C++: add false positives to MissingCheckScanf test 
See https://github.com/github/codeql/issues/12412 for the initial
report.
 2023-03-07 11:56:05 +01:00
Jeroen Ketema
47930f94e2 Merge remote-tracking branch 'upstream/main' into merge-main 2023-03-06 15:20:39 +01:00
Mathias Vorreiter Pedersen
d2d91cfb29 C++: Accept test changes. 2023-03-06 11:30:40 +00:00
Mathias Vorreiter Pedersen
907e6299a4 C++: Convert 'ExecTainted' to use the new refactored dataflow library. 2023-03-03 14:41:29 +00:00
Mathias Vorreiter Pedersen
d93d22ba3e C++: Fix FPs in 'cpp/non-constant-format'. 2023-02-28 10:05:05 +00:00
Mathias Vorreiter Pedersen
1e5b235f4b C++: Accept test changes in 'cpp/non-constant-format'. These are actually FPs. 2023-02-28 10:02:32 +00:00
Mathias Vorreiter Pedersen
04b84320c9 C++: Accept more query-test changes. 2023-02-28 00:06:35 +00:00
Mathias Vorreiter Pedersen
7bb806563f Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into no-taint-indirect-direct-conflation 2023-02-27 17:19:36 +00:00
Mathias Vorreiter Pedersen
2a9133aae0 C++: Accept query-test changes. 2023-02-27 17:15:53 +00:00
Mathias Vorreiter Pedersen
354a12c906 C++: Fix queries. Since there's no longer indirect -> direct flow in 
taint-tracking we need to make sure the affected sink definitions also
handle indirect flow.
 2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen
1e4caca23a C++: Accept query changes. Nothing bad to see here. 2023-02-27 14:57:35 +00:00
Jeroen Ketema
9e462866a0 C++: Update test annotations for use-use dataflow 2023-02-14 14:48:08 +01:00
Jeroen Ketema
20ce4cdf91 C++: Map operand nodes that are only used once onto the related instruction node 2023-02-07 14:17:54 +01:00
Mathias Vorreiter Pedersen
77250af444 Merge pull request #12050 from MathiasVP/flow-out-of-iterators-3 2023-02-03 18:43:37 +00:00
Mathias Vorreiter Pedersen
968fff29ac Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into flow-out-of-iterators-3 2023-02-02 09:12:02 +00:00
Mathias Vorreiter Pedersen
eb31160ae0 C++: Accept test changes. 2023-02-01 13:42:03 +00:00
Mathias Vorreiter Pedersen
702b10ff96 Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into global-flow 2023-02-01 13:37:10 +00:00
Mathias Vorreiter Pedersen
0e1dcc8062 C++: Accept test changes. These all appear to be good changes. 2023-02-01 13:25:37 +00:00
Jeroen Ketema
24891c3f43 C++: Fix missing subpaths when displaying dataflow paths 2023-01-31 10:57:06 +01:00
Mathias Vorreiter Pedersen
7cc7675cdc C++: Accept query changes. These are just deduplications. 2023-01-30 09:26:14 +00:00
Mathias Vorreiter Pedersen
7fb9db49be C++: Accept test changes. 2023-01-24 11:11:11 +00:00
Mathias Vorreiter Pedersen
79b77b01fd Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-23 15:49:36 +00:00
Jeroen Ketema
05ecd2e015 Merge pull request #11958 from jketema/argv-if-tests 
C++: Add some additional uncontrolled format string tests
 2023-01-23 14:05:07 +01:00
Jeroen Ketema
cfc0dabad9 C++: Add some additional uncontrolled format string tests 
These duplicate the `i9` and `i91` tests slightly earlier in the same file, but
use an explicit `if` instead of the ternary operator.
 2023-01-23 11:50:45 +01:00
Jeroen Ketema
f628152be1 C++: In dataflow use the AST representation of IR Instructions and Operands 2023-01-20 10:39:50 +01:00
Jeroen Ketema
a892ae8764 C++: Fix spurious results in default taint tracking 2023-01-16 19:10:10 +01:00
Geoffrey White
13ae15b867 C++: Add tests for more edge cases. 2023-01-13 18:38:29 +00:00
Mathias Vorreiter Pedersen
8b01dfe696 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-10 17:30:29 +00:00
Mathias Vorreiter Pedersen
0f93e5c907 Merge pull request #11781 from MathiasVP/as-expr-for-arrays 
C++: Map more expressions to `OperandNode`s
 2023-01-09 14:38:22 +00:00
Geoffrey White
bb451f3911 C++: Fix result duplication. 2023-01-06 11:05:47 +00:00
Geoffrey White
823c767aac C++: Undo changes to SizeCheck.ql, SizeCheck2.ql. 2023-01-05 12:34:12 +00:00